Out-of-Bounds Read Vulnerability in Eclipse Foundation NetX Duo Product
CVE-2025-55081
6.9 MEDIUM
What is CVE-2025-55081?
In versions of NetX Duo by the Eclipse Foundation prior to 6.4.4, the _nx_secure_tls_process_clienthello() function did not properly verify the ciphersuite length and the compression method length in SSL/TLS ClientHello messages. An attacker can craft a malicious message whose length fields trigger an out-of-bounds read, posing a potential security risk to systems that use this function.
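The kind of length validation the description says was missing, as an added example (not NetX Duo's code and not the 6.4.4 fix): every declared length is checked against the bytes actually received before it is used. The function names check_client_hello, take and check_sample are hypothetical, the field layout assumed is the TLS 1.2 ClientHello, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Advance *pos by n bytes only if they lie inside the len-byte message. */
static int take(size_t len, size_t *pos, size_t n)
{
    if (n > len - *pos)               /* invariant: *pos <= len */
        return -1;
    *pos += n;
    return 0;
}

/* Validate a ClientHello body (the bytes after the 4-byte handshake header).
 * Returns the offset just past compression_methods, or -1 if a declared
 * length runs beyond the received bytes. */
long check_client_hello(const uint8_t *buf, size_t len)
{
    size_t pos = 0, n;
    if (take(len, &pos, 2 + 32 + 1))  /* version, random, session_id length */
        return -1;
    n = buf[pos - 1];
    if (n > 32 || take(len, &pos, n)) /* session_id body */
        return -1;

    if (take(len, &pos, 2))           /* cipher_suites length, 2 bytes */
        return -1;
    n = ((size_t)buf[pos - 2] << 8) | buf[pos - 1];
    if (n < 2 || (n & 1) || take(len, &pos, n))
        return -1;                    /* empty, odd, or overruns the message */

    if (take(len, &pos, 1))           /* compression_methods length, 1 byte */
        return -1;
    n = buf[pos - 1];
    if (n < 1 || take(len, &pos, n))
        return -1;                    /* empty or overruns the message */
    return (long)pos;
}

/* Constructed sample: a 41-byte ClientHello whose two length fields are set
 * by the caller, so a declared length can exceed the bytes present. */
long check_sample(unsigned suites_field, unsigned comp_field)
{
    uint8_t m[41] = {3, 3};           /* version 3.3; random, session_id len 0 */
    m[35] = (uint8_t)(suites_field >> 8);
    m[36] = (uint8_t)suites_field;
    m[38] = 0x2f;                     /* one suite, 0x002f */
    m[39] = (uint8_t)comp_field;      /* m[40] = 0: null compression */
    return check_client_hello(m, sizeof m);
}
```

A parser that trusts either length field without the `take` check would read past the end of the received record when the declared value is larger than the remaining bytes.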
Affected Version(s)
NetX Duo 0 < 6.4.4